Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

WannaCry, or WannaCrypt, is one of the many names of the piece of ransomware that impacted the Internet last week, and will likely continue to make the rounds this week.

There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let me tie those to voluntary cooperation and collaboration which together represent the foundation for the Internet's development. The reason for making this connection is because they provide the way to get the global cyber threat under control. Not just to keep ourselves and our vital systems and services protected, but to reverse the erosion of trust in the Internet.

The attack impacted financial services, hospitals, medium and small size businesses. It was an attack that will also impact trust in the Internet because it immediately and directly impacted people in their day-to-day lives. One specific environment raises everybody's eyebrows: Hospitals.

Let's share a few takeaways:

On Shared Responsibility

The solutions here are not easy: they depend on the actions of many. Solutions depend on individual actors to take action and solutions depend on shared responsibility.

Fortunately, there are a number of actors that take their responsibility. There is a whole set of early responders, funded by private and public sector, and sometimes volunteers, that immediately set out to analyze the malware and collaborate to find root-causes, share experience, work with vendors, and provide insights to provide specific counter attack.

On the other hand, it is clear that not all players are up to par. Some have done things (clicked on links in mails that spread the damage) or not done things (deployed a firewall, not backed up data, or upgraded to the latest OS version) that exaggerated this problem.

When you are connected to the Internet, you are part of the Internet, and you have a responsibility to do your part.

On proliferation of digital knowledge

The bug that was exploited by this malware purportedly came out of a leaked NSA cache of stockpiled zero-days. There are many lessons, but fundamentally the lesson is that data one keeps can, and perhaps will, eventually leak. Whether we talk about privacy related data-breaches or 'backdoors' in cryptography, one needs to assume that knowledge, once out, is available on the whole of the Internet.

Permissionless innovation

The attackers abused the openness of the environment — one of the fundamental properties of the Internet itself. That open environment allows for new ideas to be developed on a daily basis and also allows those to become global. Unfortunately, those new innovations are available for abuse too. The uses of Bitcoins for the payment of ransom is an example of that. We should try to preserve the inventiveness of the Internet.

It is also our collective responsibility to promote innovation for the benefit of the people and to deal collectively with bad use of tools. Above all, the solutions to the security challenges we face should not limit the power of innovation that the Internet allows.

Internet and Society

Society is impacted by these attacks. This is clearly not an Internet-only issue. This attack upset people, rightfully so. People have to solve these issues, technology doesn't have all the answers, nor does a specific sector. When looking for leadership, the idea that there is a central authority that can solve all this is a mistake.

The leadership is with us all, we have to tackle these issues with urgency, in a networked way. At the Internet Society we call that Collaborative Security. Let's get to work.

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Related

One of the chronic features of the Bitcoin landscape is that Bitcoin exchanges screw up and fail, starting with Mt. Gox. There's nothing conceptually very hard about running an exchange, so what's the problem? The first problem is that Bitcoin and other blockchains are by design completely unforgiving. If there is a bug in your software which lets people steal coins, too bad, nothing to be done. more

The Cuba Internet Task Force (CITF) held their inaugural meeting last week. Deputy Assistant Secretary for Western Hemisphere Affairs John S. Creamer will chair the CITF, and there are government representatives from the Department of State, Office of Cuba Broadcasting, Federal Communications Commission, National Telecommunications and Information Administration and Agency for International Development. Freedom House will represent NGOs and the Information Technology Industry Council will represent the IT industry. more

The release of the Tillerson letter to the House Committee on Foreign Affairs describes the State Department's new "Cyber Bureau" together with its "primary lines of effort." The proposal is said to be designed to "lead high-level diplomatic engagements around the world." Two of those "efforts" deserve special note and provide an entirely new spin on the affectionate local term for the Department -- Foggy Bottom. more

These days in Washington, even the most absurd proposals become the new normal. The announcement yesterday of a new U.S. State Department Cyberspace Bureau is yet another example of setting the nation up as an isolated, belligerent actor on the world stage. In some ways, the reorganization almost seems like a companion to last week's proposal to take over the nation's 5G infrastructure. Most disturbingly, it transforms U.S. diplomacy assets from multilateral cooperation to becoming the world's bilateral cyber-bully nation. more

With GDPR coming into effect this May, it is almost a forgone conclusion that WHOIS as we know it today, will change. Without knowing the full details, how can companies begin to prepare? First and foremost, ensuring that brand protection, security and compliance departments are aware that a change to WHOIS access is on the horizon is an important first step. Just knowing that the ability to uncover domain ownership information is likely to change in the future will help to relieve some of the angst that is likely to occur. more

President Obama began working on Cuban rapprochement during his 2009 presidential campaign. After over five years of thought and negotiation, the Whitehouse announced a major shift in Cuba policy, which included allowing telecommunications providers "to establish the necessary mechanisms, including infrastructure, in Cuba to provide commercial telecommunications and Internet services, which will improve telecommunications between the United States and Cuba." more

On January 24, 2018, ICANN's Business Constituency (BC) and Intellectual Property Constituency (IPC) co-hosted an event to discuss the EU's General Data Protection Regulation (GDPR) and its implications on access to the WHOIS database. ICANN's CEO and General Counsel joined the discussion, as did stakeholders from across the ICANN community. The event was timely and well attended with over 200 participants attending in-person or virtually. more

The regulatory environment for brands and retailers that do business online is getting stricter thanks to regulatory changes in Europe with the General Data Protection Regulation (GDPR), as well as existing regulations in the U.S. Companies that adapt quickly can turn these changes into a competitive advantage. As we grapple worldwide with the implications of the incredible amount of personal data generated every day, consumers are pressuring brands and legislators alike for more control over their information. more

U.S. Chamber of Commerce President Thomas J. Donohue on January 10, 2018, warned that "techlash" is a threat to prosperity in 2018. What was he getting at? A "backlash against major tech companies is gaining strength -- both at home and abroad, and among consumers and governments alike." "Techlash" is a shorthand reference to a variety of impulses by government and others to shape markets, services, and products; protect local interests; and step in early to prevent potential harm to competition or consumers. more

In simple terms, Meltdown and Spectre are simple vulnerabilities to understand. Imagine a gang of thieves waiting for a stage coach carrying a month's worth of payroll. There are two roads the coach could take, and a fork, or a branch, where the driver decides which one to take. The driver could take either one. What is the solution? Station robbers along both sides of the branch, and wait to see which one the driver chooses. more

In 1991, eight high-level Soviet officials attempted a coup that failed after two days. During those two days, citizen journalists and activists used Usenet newsgroups to carry traffic into, out of and within Russia (70 cities). News spread and protests were organized in Russia. In the west, we saw images of Boris Yeltsin speaking to demonstrators while standing on top of a tank and the Russians saw that we were aware of and reporting on the coup. more

The year 2018 represents a tipping point for the Internet and its governance. Internet governance risks being consumed by inertia. Policy decisions are needed if we want to prevent the Internet from fragmenting into numerous national and commercial Internet(s). Geopolitical shifts, in particular, will affect how the Internet is governed. The Internet is made vulnerable by the fragmentation of global society, which is likely to accelerate in response to the ongoing crisis of multilateralism. more

The National Science Foundation awarded a small contract to the IEEE to host a small two-day meeting on 30 Sept 1994 of selected invitees at the IEEE's Washington DC 18th Street offices on "Name Registration For The '.COM' Domain." Being part of the InterNIC contract oversight committee, I was one of the eight invitees. It turned out in many ways to be the single most important meeting in the long, checkered history of what is today referred to as "the internet," that made an extraordinarily bad decision. more

If you visit Marriott's China website today, you're likely to see this (see screenshot). I dumped the text within this page into Google Translate and included below is what it loosely said. So what exactly happened here? Marriott sent a survey in Mandarin to its Chinese loyalty members that referred to Tibet, Macau, and Taiwan as "countries." As readers of this site might know quite well by now, in the eyes of Chinese authorities, this is no trivial oversight. more

How was the state of the Internet's routing system in 2017? Let's take a look back using data from BGPStream. Some highlights: 13,935 total incidents (either outages or attacks like route leaks and hijacks); Over 10% of all Autonomous Systems on the Internet were affected; 3,106 Autonomous Systems were a victim of at least one routing incident; 1,546 networks caused at least one incident. more

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

Avenue4 LLCRead4522

A World-Renowned Source for Internet Developments. Serving Since 2002.